Overview

File CVE-2022-38784.patch of Package poppler.27869

Index: poppler-0.79.0/poppler/JBIG2Stream.cc
===================================================================
--- poppler-0.79.0.orig/poppler/JBIG2Stream.cc	2019-07-15 22:34:02.000000000 +0000
+++ poppler-0.79.0/poppler/JBIG2Stream.cc	2022-12-02 17:53:37.581677595 +0000
@@ -2094,7 +2094,11 @@ void JBIG2Stream::readTextRegionSeg(unsi
   for (i = 0; i < nRefSegs; ++i) {
     if ((seg = findSegment(refSegs[i]))) {
       if (seg->getType() == jbig2SegSymbolDict) {
-	numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+        const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+        if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+            error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+            return;
+        }
       } else if (seg->getType() == jbig2SegCodeTable) {
 	codeTables->push_back(seg);
       }
openSUSE Build Service is sponsored by
Places